MDM Shell Cmdlets and Scripts for MDM Self Service Portal

Article
02/10/2009

2/9/2009

MDM Self Service Portal uses several cmdlets (pronounced "command-lets") and scripts to implement portal functionality, such as device pre-enrollment.

Mobile Device Manager (MDM) Shell, built on Microsoft Windows PowerShell technology, provides a command-line interface that enables Automation of portal tasks—such as retrieving device information—by using cmdlets and scripts.

For more information about MDM Shell, see Operations for Mobile Device Manager.

How MDM Self Service Portal Uses MDM Shell

PowerShell Hosting Tools, Microsoft.Mobile.ManagementServices.PowerShellHostingTools.dll, is the component that MDM Self Service Portal uses to run cmdlet from ASP.NET.

You must register the cmdlets in the PowerShell section of the Web.config file so that the portal can call them.

MDM Self Service Portal can also run MDM Shell scripts. You must also register the scripts in Web.config so that the portal can call them. The scripts MDM Self Service Portal uses are the .ps1 files under the App_Data folder.

Cmdlets and scripts run through a PowerShellDataSource. ASP.NET controls, such as GridView and FormView, are bound to the PowerShelData Source, and PowerShellDataSource commands map to MDM Shell cmdlets or scripts.

All scripts have a common parameter, $owner, that represents the security identifier (SID) of the logged on user. This parameter is passed for security reasons, to help make sure that scripts act only upon managed Windows Mobile devices for the currently logged on user.

As another security measure, access control lists (ACLs) help protect script files by requiring credentials verification to run a script. You must be a member of SCMDMServerAdmins group and NETWORK SERVICE, in which the ASP.NET account runs.

Example: How GridView Uses a PowerShellDataSource

The following example shows how MDM Self Service Portal uses a PowerShellDataSource to implement a GridView control. The DataSourceID property is set to PowerShellDataSourceDeviceList.

<asp:GridView ID="GridViewDevices" runat="server" 
AutoGenerateColumns="False" 
DataSourceID="PowerShellDataSourceDeviceList"
AllowSorting="True" DataKeyNames="Identity" 
OnDataBound="GridViewDevices_OnDataBound" 
Caption="Pending Device Enrollments" 
OnRowDataBound="GridViewDevices_RowDataBound" 
OnRowDeleting="GridViewDevices_RowDeleting" 
AllowPaging="True" OnRowCreated="GridViewDevices_RowCreated" 
Width="446px">

The following example shows how the DataSource maps PowerShellDataSource commands to MDM Shell scripts, and how you pass parameters to a script.

<ps:PowerShellDataSource runat="server" ID="PowerShellDataSourceDeviceList" 
RunspaceName="runspaceSCMDMSSP" 
GetCommand="ScriptGetDeviceList" 
RemoveCommand="-script-">
<GetCommandParameters>
<ss:UserSIDParameter Name = "owner" />
</GetCommandParameters>
<RemoveCommandParameters>
<ss:UserSIDParameter Name = "owner" />
</RemoveCommandParameters>
</ps:PowerShellDataSource>

In the previous example, the portal application does not declaratively define mapping for the RemoveCommand. Instead, the command is mapped at runtime when the GridViewDevices_RowDeleting event runs.